忘记密码   免费注册 查看新帖 | 论坛精华区

ChinaUnix.net

  平台 论坛 博客 认证专区 大话IT 视频 徽章 文库 沙龙 自测 下载 频道自动化运维 虚拟化 储存备份 C/C++ PHP MySQL 嵌入式 Linux系统
最近访问板块 发新帖
查看: 8589 | 回复: 8

Postfix SMTP 部分用户验证失败,POP验证正常。 [复制链接]

论坛徽章:
0
发表于 2012-03-15 15:16 |显示全部楼层
20可用积分
本帖最后由 GreenAugust 于 2012-03-19 12:23 编辑

请教大家,先谢谢

组件:Postfix+Dovecot+OpenLDAP

Postfix+Cyrus-SASL+OpenLDAP   验证SMTP
Dovecot+OpenLDAP  验证POP

Postfix Dovecot OpenLDAP 使用编译安装

Cyrus-SASL 使用RHL5.4 自带安装RPM包安装


POP和SMTP使用相同的数据库LDAP

问题:用户在发送邮件的时候,突然突出密码验证失败,日志显示 SASL LOGIN authentication failed: authentication failure,使用 testsaslauthd -uuser -ppassword依然验证失败。
登录phpLDAPadmin 登录,查看使用checkpassword 检查用户密码为正确的密码,排除用户更改密码的可能性。POP收取邮件正常,用户登录正常
问题是,这只是部分用户,没有大规模用户验证失败。
贴出配置:
Postfix  main.cf

————————————————————————————————————————————————————————————

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = ********************
mydestination = $myhostname,localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8,192.168.254.0/24


debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
virtual_mailbox_domains = ********************
virtual_mailbox_base = /mail
#virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply
#virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf
virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply,ldap:/etc/postfix/ldapalias.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox.cf
virtual_mailbox_limit = 0

virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = ldap:/etc/postfix/quota.cf
virtual_overquota_bounce = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.




virtual_uid_maps     = static:1000
virtual_gid_maps     = static:1000
local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_mailbox_maps




smtpd_sasl_auth_enable = yes
#smtpd_sasl_path = smtp
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions =
permit_mynetworks
permit_auth_destination
permit_sasl_authenticated
reject
#broken_sasl_auth_clients = yes

transport_maps = hash:/etc/postfix/transport
virtual_transport = virtual
#relayhost = 192.168.254.173
#relayhost = 192.168.254.173

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/pki/tls/private/localhost.key
smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd__scache
#smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
#smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

smtpd_tls_loglevel = 1
bounce_queue_lifetime = 3d
maximal_queue_lifetime = 3d

[root@web postfix]# clear
[root@web postfix]# cat /etc/smtpd.conf
pwcheck_method: saslauthd
mech_list: login plain
[root@web postfix]# vim main.cf
[root@web postfix]# vim main.cf
[root@web postfix]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
[root@web postfix]# cat main.cf
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = ****************************
mydestination = $myhostname,localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8


debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no

virtual_mailbox_domains = **************************
virtual_mailbox_base = /mail
virtual_alias_maps = ldap:/etc/postfix/ldapalias.cf.autoreply,ldap:/etc/postfix/ldapalias.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox.cf
virtual_mailbox_limit = 0
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = ldap:/etc/postfix/quota.cf
virtual_overquota_bounce = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_uid_maps     = static:1000
virtual_gid_maps     = static:1000
local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_mailbox_maps

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions =
permit_mynetworks
permit_auth_destination
permit_sasl_authenticated
reject
broken_sasl_auth_clients = yes

transport_maps = hash:/etc/postfix/transport
virtual_transport = virtual

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/pki/tls/private/localhost.key
smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd__scache
#smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
#smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

smtpd_tls_loglevel = 1
bounce_queue_lifetime = 3d
____________________________________________________________________________________

SASL 配置文件
——————————————————————————————————————————————————————
cat /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1
ldap_bind_dn: cn=root,o=sesc,c=cn
ldap_bind_pw: 123456
ldap_search_base: ou=People,o=sesc,c=cn
ldap_version: 3
ldap_auth_method: bind
ldap_filter: (virtualdomainuser=%u)


cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: login plain


grep -Ev "^$|#" /etc/sysconfig/saslauthd
SOCKETDIR=/var/run/saslauthd
MECH=ldap
FLAGS=

————————————————————————————————————————————————————————
以上;谢谢


目前我只有20积分,如果问题解决,可以提供给你$。感谢
_______________________________________________________________________________________

saslauthd

验证错误日志

Mar 11 12:48:01 china1 saslauthd[3742]: Retrying authentication
Mar 11 12:51:21 china1 saslauthd[3739]: Retrying authentication
Mar 11 12:58:50 china1 saslauthd[3738]: Retrying authentication
Mar 11 13:37:01 china1 saslauthd[3739]: Retrying authentication
Mar 11 14:10:48 china1 saslauthd[3738]: Retrying authentication
Mar 11 14:14:45 china1 saslauthd[3739]: Retrying authentication
Mar 11 14:14:45 china1 saslauthd[3739]: do_auth         : auth failure: [user=c11589] [service=smtp] [realm=] [mech=ldap] [reason=Unknown]
Mar 11 14:15:00 china1 saslauthd[3742]: Retrying authentication
Mar 11 14:15:00 china1 saslauthd[3742]: do_auth         : auth failure: [user=c11589] [service=smtp] [realm=] [mech=ldap] [reason=Unknown]
Mar 11 14:15:16 china1 saslauthd[3739]: do_auth         : auth failure: [user=c11589] [service=smtp] [realm=] [mech=ldap] [reason=Unknown]   
Mar 11 14:17:20 china1 saslauthd[3738]: Retrying authentication
Mar 11 14:18:56 china1 saslauthd[3741]: Retrying authentication
Mar 11 15:12:07 china1 saslauthd[3738]: Retrying authentication
Mar 11 15:54:14 china1 saslauthd[3741]: Retrying authentication
Mar 11 15:58:29 china1 saslauthd[3738]: Retrying authentication
Mar 11 16:04:07 china1 saslauthd[3738]: Retrying authentication

使用 testsaslauthd -uc1589 -p123456 验证出现以下错误

Mar 11 14:15:16 china1 saslauthd[3739]: do_auth         : auth failure: [user=c11589] [service=smtp] [realm=] [mech=ldap] [reason=Unknown]

然后到phpLDAPadmin里面验证密码,却是是正确的密码。POP同样使用LDAP验证,没有出现验证错误。



结构图

未命名.jpg






论坛徽章:
0
发表于 2012-03-15 15:24 |显示全部楼层
是不是和OpenLDAP的密码加密方式有关,我的LDAP 密码是 SHA的,但是我使用MD5,问题依然存在。

论坛徽章:
0
发表于 2012-03-15 16:03 |显示全部楼层
有人知道吗?我刚刚又发现了一个用户异常。

论坛徽章:
0
发表于 2012-03-19 12:24 |显示全部楼层
顶上去,寻找解决方法。

论坛徽章:
0
发表于 2012-03-19 16:59 |显示全部楼层
看看openldap的日志,另外在master.cf中,第一行
smtps     inet  n       -       y       -       -       smtpd -v ,日志输出的内容更详细。

论坛徽章:
0
发表于 2012-03-19 19:41 |显示全部楼层
不太了解cyrus-sasl。
不过postfix可以配置用dovecot-sasl的验证功能,这样验证功能只要配置一次就好了
如果楼主一直解决不了,不妨用dovecot-sasl试试。

论坛徽章:
0
发表于 2012-03-21 14:10 |显示全部楼层
使用dovecot-sasl 验证的话,Postfix需要重新编译。

论坛徽章:
1
IT运维版块每日发帖之星
日期:2016-05-22 06:20:00
发表于 2016-05-19 16:46 |显示全部楼层
同样的问题,莫名其妙就突然不能登录,要重启机器
您需要登录后才可以回帖 登录 | 注册

本版积分规则

  

北京皓辰网域网络信息技术有限公司. 版权所有 京ICP证:060528号 北京市公安局海淀分局网监中心备案编号:1101082001
广播电视节目制作经营许可证(京) 字第1234号 中国互联网协会会员  联系我们:
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP